Toward a Theory of Everything? Exploring at the Edges of the ERM Construct

Dr. Kathleen Locklear

2012 Enterprise Risk Management Symposium April 18-20, 2012

© 2012 Casualty Actuarial Society, Professional Risk Managers’ International Association, Society of Actuaries

Toward a Theory of Everything? Exploring at the Edges of the ERM Construct

Dr. Kathleen Locklear

Call Paper Submitted for the 2012 ERM Symposium

April 18-20, 2012

Abstract

During the past 10 years, enterprise risk management (ERM) has evolved considerably into a best practice approach for identifying, managing and monitoring risk across an entire organization. At the level of theory, ERM standards and frameworks such as those created by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the International Organization for Standardization, have provided guidance and a direction forward. Nevertheless, there remains no single, universally accepted ERM framework. At times, the multiplicity of approaches to ERM can produce confusion, leaving companies and practitioners alike wondering which method is “right.”

Moreover, despite advances in ERM theory and practice, transboundary risk, extreme events and emerging risk continue to stretch ERM to its limits. This “stretching,” in combination with other observations regarding the current state of ERM theory and practice, suggest limitations in the ERM paradigm as it exists today. This raises several compelling questions, which are the focus of this paper.

1) What is the current state of the ERM paradigm, including its apparent limitations and boundaries, particularly with regard to extreme events and emerging risk? 2) Is it possible to have a unified ERM “theory of everything,” capable of explaining both smaller, localized risk events as well as transboundary risk and emerging risk? 3) Might it be the case that one set of laws applies to localized risk while a separate and different set of laws applies to macro-level risks such as extreme events and transboundary risk?

To propose answers to these questions, this paper draws from the divergent fields of modern physics and management theory. Concepts taken from physics will include quantum mechanics, general relativity and string theory. Concepts taken from management theory will include systems theory, complexity theory, scenario planning and interdisciplinarity. In combination, these will be suggested as novel means for moving toward a more robust ERM construct.

Key words: ERM, systems theory, complexity theory, scenario planning, interdisciplinarity

ii

Introduction. Background and Purpose

Enterprise risk management (ERM) first emerged in the early 1990s, and, since then, its benefits have been increasingly touted and more companies have sought to implement ERM as a best practice standard. Nevertheless, despite the growth and evolution of ERM during the past two decades, research reveals that relatively few organizations have been successful at implementing the model and developing their ERM programs to a fully mature state (Gates 2006; Fraser and Simkins 2007). These observations suggest a paradox of sorts, where ERM is “conceptually straightforward

[but] its implementation is not” (Nocco and Stulz 2006, 8). Moreover, while the benefits of ERM seem intuitive, the value of ERM oftentimes remains difficult to quantify and articulate. Although existing literature suggests numerous anticipated benefits to be derived from ERM, there is scant academic research that demonstrably supports the accomplishments of ERM (Gates 2006). Combined, these observations suggest the existence of limitations within the current state of ERM theory and practice.

The purpose of this paper is to explore along the boundaries of the current ERM paradigm, in the places where existing theory and practice are seemingly being stretched to their limits. To achieve this objective, this exploratory discussion will address the following research questions:

1) What is the current state of the ERM paradigm, including its apparent limitations

and boundaries with regard to extreme events and emerging risk?

2) Is it possible to have a unified ERM “theory of everything,” capable of explaining

both smaller, localized risk events as well as transboundary risk and emerging

risk?

1

3) Might it be the case that one set of laws applies to localized risk while a separate

and different set of laws applies to macro-level risks such as extreme events and

transboundary risk, and, if so, how might those be appropriately incorporated

within the ERM construct?

With these questions in mind, this paper will draw from the seemingly disparate

disciplines of physics and management theory. By adopting this novel approach, it is hoped this paper will identify new directions for research and discourse in the areas of

ERM and risk management practice. Equally important, it is hoped this paper will suggest ways in which the ERM paradigm can be enhanced through multidisciplinary dialogue that transcends the customary, artificial boundaries which exist among various academic and professional disciplines. In seeking to drive this type of dialogue, this paper has been encouraged in considerable part by the writings of Grobstein (2010), who noted,

“The task is not to get it right but to get it less wrong, not to disprove existing understandings but to recognize their context-dependence, not to discover what is, but to construct from conflicting understandings previously unconceived alternative understandings.”

This paper begins, in Part One, with an examination of the current state of ERM.

This is achieved through a focused literature review that explores how ERM is defined, its frameworks and the current state of ERM practice. The second part of this paper examines certain other limitations (constraints) within ERM. Those limitations are explored through the discussion of several themes derived from a review of the literature.

Embedded within the discussion of each theme are suggestions regarding particular

2

approaches proposed as means for further developing and evolving ERM. Finally, this

paper concludes with suggestions for further areas of research.

Part One. The Current State of ERM

An exhaustive literature review is beyond the scope of this paper. A more targeted

literature review is presented here with the objective of developing an understanding of

the current state of ERM. This focused literature review will explore ERM’s current

definition as well as ERM frameworks, standards and practices.

Defining ERM

Enterprise risk management is a relatively new area within management practice, first appearing in the mid-1990s (Dickinson 2001, 360). The term “enterprise risk management” has been attributed (Iyer, Rogers and Simkins 2010, 437) to usage by

James Lam in the mid-1990s. The initial academic research on ERM came shortly thereafter with publication of the first research study by L. Lee Colquitt, Robert Hoyt and

Ryan Lee in 1999 (Iyer, Rogers and Simkins 2010, 421).

Given the relatively limited history of ERM, it is perhaps not entirely surprising there is no universally accepted definition for enterprise risk management. At the level of

practice, the array of definitions for ERM can produce confusion, leaving companies

questioning what definition is “right.” Moreover, with each definition for ERM comes a different set of implementation steps and objectives, resulting in additional ambiguity for companies that wonder if they are correctly implementing ERM. As described in more

3

detail below, the emergence of ERM frameworks and standards have provided means for

achieving consistency in how ERM is defined, framed and understood.

ERM Frameworks and Standards

The history of ERM has been marked by the introduction of several standardized

frameworks. One of the earliest of these was the Australian/New Zealand Risk Standard,

which was first introduced in 1995. An updated version of this standard, called AS/NZS

4360, was subsequently introduced in 2004. That year also saw the introduction of the

COSO Enterprise Risk Management Integrated Framework, published by the Committee

of Sponsoring Organizations of the Treadway Commission (COSO). Most recently, in

November 2009, the International Organization for Standardization (ISO) published ISO

31000:2009, “Risk Management: Principles and Guidelines.”

Despite the development and evolution of these risk management standards and frameworks, there remains no single and universally accepted approach to ERM. It is acknowledged that, by their nature, ERM frameworks need to be general in nature in order to be applicable across a range of industries and sectors. Moreover, ERM frameworks need also to have practical utility and be relatively easy to implement.

However, a trade-off of this generality is that in their present form, ERM frameworks are best understood as management heuristics and not as theories that describe the nature of risk. In this regard, ERM frameworks are akin to what Bell (1999, 9) describes as

“conceptual schema … not true or false but either useful or not.”

When examining case studies of ERM implementation, it becomes apparent the experiences of various organizations vary greatly and success rates have remained

4

relatively flat over the past decade. These findings, which are discussed below as part of

an exploration of the current state of ERM practice, seem to suggest a “one size fits all”

approach to ERM does not work. Moreover, it is suggested here that while ERM

frameworks can provide a useful starting point, the task of ERM implementation is both

complex and nuanced and therefore requires additional tools and approaches that take

into account the objectives and profile of the individual organization. This notion is also

raised by Gordon, Loeb and Tseng (2009, 303), who comment, “The fact that there is no universally ideal ERM system is of course intuitive.” This leads to another theme within the ERM literature, the adaptive implementation of ERM frameworks by organizations.

That is, individuals tasked with ERM implementation are seemingly modifying and coming up with adaptive ERM frameworks that “fit” their organizations and the way in which they view the world order. While certainly practical, and borne out of necessity, this practice leads to fragmentation within ERM and lack of theoretical rigor. It is suggested here that based upon the foregoing, at the present time a satisfactory theoretical, empirical and conceptual understanding of ERM does not exist. Carrying this concept a step further, and adapting Kuhn’s definition of paradigm to this discussion, it is also proposed here that ERM in its current form does not constitute a universally recognized set of concepts and practices.

ERM Practice

As a relatively new discipline, it is not entirely surprising there is a dearth of

academic research on the topic of ERM. Many of the studies that explore aspects of ERM

implementation have been conducted by insurance companies. In 2010, the global

5

insurance giant Aon published a report which included findings that only 7 percent of the study respondents had been successful at developing their ERM programs to a mature level, defined as being characterized by a “well-developed ability to identify, measure, manage and monitor risk across the organization” (5). In 2010, the global insurance and

risk management firm Marsh published a study on risk management that included

discussion of enterprise risk management. In that study, it was reported that 53 percent of

respondents did not have an ERM program in 2010 (8). This number was up considerably

from the 27 percent figure reported in 2006.

The results of studies conducted by insurers are consistent with those presented in

academic studies. Overall, findings suggest successful ERM implementation has

remained relatively flat since the start of the millennium. For example, research done by

Gates in 2006 revealed that only 11 percent of respondent companies indicated they had

“fully implemented” an ERM program (83). A year later, research by Fraser and Simkins

(2007) found that only 10 percent of surveyed firms had attained what was deemed to be

“successful” ERM implementation (75). Taken together, the data from these studies

seems to suggest limitations in existing ERM theory and practice, including the

limitations of existing ERM frameworks.

Summary

As identified and discussed above, there are numerous observable limitations in

the current ERM framework. With those noted, discussion turns now to an exploration of

possible approaches for how ERM theory and practice might be advanced. This

exploration will be developed in the next section through the presentation of several

6

ERM themes. In sum, this discussion seeks to address the question of whether it is

possible to have an ERM “theory of everything.”

Part 2. Distilling ERM: Identifying Themes

In addition to the limitations noted in the prior section, ERM remains limited by several other constraints. Those are explored here through the discussion of several themes derived from an examination of the literature. Embedded within the discussion of each theme are suggestions regarding particular approaches proposed as means for further developing and evolving ERM.

Theme One: ERM as Holistic Approach

Conceptually, ERM is generally understood to involve the holistic management of

an organization’s portfolio of risks, as those risks exist and interact across the entity as a

whole (Lam 2003; Liebenberg and Hoyt 2003; Beasley, Pagach and Warr 2008). This

approach differs from traditional risk management where individual risks were

customarily handled on a stand-alone, unidisciplinary basis, leading to a stove-pipe

approach to risk management (Beasley and Frigo 2010, 31). Implicit in this distinction,

although not consistently articulated across the ERM literature, is the premise that risks

are best managed from a portfolio perspective rather than on a stand-alone basis. Adding

further to this notion, Power (2009, 851) proposes that ERM has been received and

“celebrated” as an antidote to the typical siloed approaches of traditional risk

management.

7

However, as it is currently articulated, ERM does not account for the possibility that risks may at once have both small-scale and large-scale aspects such that a combination of both micro and macro approaches is both necessary and optimal. In considering this notion, there are possible corollaries to be gleaned from physics.

Specifically, Einstein’s theory of general relativity seeks understanding, on the largest scales, at the level of galaxies and clusters. On the other hand, quantum mechanics proposes a theoretical framework for understanding on the smallest scales, at the level of molecules and electrons. Moreover, an ongoing problem within modern physics relates to the inability to reconcile quantum mechanics and general relativity as they are currently formulated. In other words, both theories cannot be correct. While each theory works well on its own, both break down when applied in combination, leading to the development of string theory as a means for achieving harmony (Greene 2003, 3).

Applying this to ERM leads to the important question of whether two separate theories are required: one for large-scale risk (e.g., global, transboundary risk) and another for small-scale risk (localized). And, if such theories are indeed required, then a further problem that may arise is how (and whether) it is possible to reconcile both. These questions represent not only areas for further research and discourse in ERM, but also seminal questions of epistemology, which must be answered in order for ERM to move beyond its current status as a conceptual scheme.

Theme Two: ERM and Interdisciplinarity

There is a general understanding that successful ERM requires a multidisciplinary approach. This notion is consistent with the idea that ERM seeks to manage the

8

organization’s portfolio of risks, across all functional areas of the organization. As

described by Fraser and Simkins (2007, 77), “Currently, there is no single professional group or association that is seen as a clear leader in ERM. [W]hereas professions are usually organized around a single skill set, such as insurance, accounting, actuarial science, or valuation, ERM requires extensive ongoing input from all these disciplines and from marketing and operations as well.”

In the ERM context, multidisciplinary teams become essential, since no single discipline or functional area is capable on its own of managing risks that span the entire organization and also external boundaries. The requirement for a multidisciplinary approach distinguishes ERM from traditional risk management, where individual risks

(e.g., credit risk, regulatory risk, environmental safety risk) could be adequately handled on a stand-alone basis by functional experts.

What is not addressed in the ERM literature is how to effectively bring together diverse groups in a way that optimizes the inputs from each group and also ensures discourse across the groups is harmonized through a shared framework of understanding.

To move this area of understanding forward, it is useful to consider the literature that addresses interdisciplinarity. As defined by Klein and Newell (1997), interdisciplinary study can be defined as “a process of answering a question, solving a problem, or addressing a topic too broad or complex to be dealt with adequately by a single discipline or profession (394).” In her 1994 study, Hübenthal posited that interdisciplinary approaches are necessitated when “problems are much too complex to be judged appropriately, let alone be solved, merely with the subject-knowledge of a single

9

discipline” (55). The discussion presented in theme one suggests how insights might

emerge through an interdisciplinary approach to ERM.

Theme Three: ERM and Post-Modern Risk

Notions of interconnectedness and transboundary risk are recurring and embedded

as themes within the ERM literature. However, a robust treatment of these topics is lacking and as such it is necessary to turn to the scholarly literature to arrive at a thorough treatment of these topics.

For example, in the more recent scholarly literature, there has been growing discussion around the proposition that the nature of risk in today’s global, interconnected world is materially different (Giddens 1990; Beck 1992; Lagadec 2007; Michel-Kerjan

2008; Smith and Fischbacher 2009). In their editorial review, Smith and Fischbacher

(2009) echo the evolutionary changes (“shifts”) in risk management theory and practice during the past 10 years and identify specific “challenges that face academics and practitioners associated with risk management” (2). One specific challenge, relevant here, is the “borderless” nature of risk, which Smith and Fischbacher describe as the capability of risk to transcend an array of boundaries, both physical and artificial, ranging from geographical to cultural, physical, organizational and academic.

Globalization is cited as one of the factors contributing to the materially different nature of post-modern risk, which represents a conceptual point of departure (paradigm shift) from antecedent, traditional notions of risk. While risk has historically been viewed as quantifiable, predictable, linear and localized, post-modern risk differs in both its origins and essential nature. Through an understanding of the conditions of the modern

10

environment, including the impact of globalization, it becomes possible to further

understand the essence of post-modern risk and why a “new risk architecture” (Michel-

Kerjan, 821) is required to appropriately manage today’s risks.

The forces of globalization have been characterized as having radically altered the playing field by creating “globalization of risk” (Tacke 2001; Giddens 1990). Beck

(2009) carried this a step further by suggesting a distinction between “old” risks and

“new” or “global” risks, which he posited are defined by the earmarks of “delocalization, incalculability and non-compensability” (52). Beck’s notion of delocalization captures the idea that the causes and consequences of global risks transcend barriers of geography to involve multiple, dispersed locations, resulting in “omnipresent” risk.

Noncompensability captures the notion the destructive impacts of global risks (e.g.,

global warming) may not be fixable (through monetary or other compensation), or

reversible. Within Beck’s paradigm of global risk, incalculability arises from the

“hypothetical” nature of global risk, as well as from conditions of “scientifically

generated non-knowing and normative dissent” (52). Here, Beck suggests a condition in which it is not possible to calculate the consequences of global risk or ascertain with certainty if a given risk exists. Incalculability is a challenge as well when seeking to understand emerging risk.

As described by Giddens, globalization involves a “stretching process” (1990,

64) in which “the modes of connection between different … regions become networked across the earth’s surface as a whole … [creating] intensification of worldwide … relations which link distant localities in such a way that local happening are shaped by

events occurring many miles away and vice versa.” It is this network of interconnections

11

that provides the pathway through which risk can travel across geographic boundaries, resulting in impacts for both direct and indirect victims. Both tangible and intangible infrastructure are included here, intertwining to create the webs of our “flat” world

(Friedman 2005). As described by Slovic and Weber (2002, 12), global risk can create an effect much like that of a stone being dropped into a pond with “ripples that spread outward, encompassing first the directly affected victims, then the responsible company or agency, and in the extreme, reaching other companies, agencies and [entire] industries.”

Within the segment of literature that focuses on globalization of risk, a recurring theme is the notion that technological advances, combined with the rapid speed with which they are introduced to the market, make it very difficult to evaluate risk. This difficulty is a byproduct of an environment where “simple cause-and-effect relationships are steadily replaced by multi-causal and multi-conditional systems” (Coomber 2006,

89). The existence of rapid change, combined with complexity, make it very difficult

(and perhaps impossible) to predict a future outcome with certainty.

Although ERM has proposed “process-based rules” and frameworks, it has

“proven to be incapable of articulating and comprehending critical risks, particularly those associated with interconnectedness” (Power 2009, 850). As articulated by Miller

(1992), a “significant shortcoming in much of the existing risk and uncertainty literature is the emphasis on particular uncertainties rather than a multidimensional treatment of uncertainty” (312). Systems theory and complexity theory provide means for overcoming this limitation and gaining critical understanding of dynamic interactions among risks.

Nevertheless, despite a solid body of literature on the subjects of systems thinking and

12

complexity, there is comparatively little work that applies systems thinking and

complexity theory to the subjects of risk management and ERM. White (1995) and

Bonabeau (2007) are among the few authors who adopt this focus, and, as such, there remains a gap in the risk management and ERM literature that needs to be closed in order for ERM to evolve further.

It is further noted here that many risk management and ERM tools are reductionist in nature, premised upon the notion that understanding of an end event

(“outcome”) can be derived by “working backward” to break the event down into its constituent parts. In support of this perspective, White (1995, 35) defines systems thinking as “characterized by its holistic approach to problem solving,” which she contrasts with “analytical methods used in risk assessment [that] can be viewed mainly as reductionist.” A critical limitation of reductionism is that it neglects to properly acknowledge that modern risk is the byproduct of emerging, complex and systemic factors influenced by human behavior.

When examining dynamic risk, including emerging risk, that arises from these conditions, it is necessary to understand the outcome (“event”) may be greater than the sum of its constituent elements. This concept is captured eloquently by Grobstein (2007) who notes, “Simple things interacting in simple ways can yield surprisingly complex outcomes.” Thus, to understand dynamic risk, it becomes necessary to work “both downward and upward” (Grobstein) to capture not only the constituent elements of risk, but also the complexity generated by their dynamic interactions within the context of a given system. As noted by Fulmer (1992), systems thinking offers a valuable tool for removing artificially constructed barriers between constituent parts of a system. By

13

exploring the structure of an entire system, interconnections and interdependencies

among constituent elements become visible, thereby uncloaking the nature of risks as

revealed through the totality of its individual elements and their dynamic interactions. It

is these types of thinking approaches—that emphasize multidirectional possibilities

within a system—which should be adapted for inclusion within ERM.

Theme Four: ERM and Outlier Events

Despite advances in ERM tools, organizations continue to face challenges and be

caught off guard by extreme events and disasters. Focusing specifically on “never”

events, Taleb (2007) put forth the “black swan” as a particular type of disaster, the essential qualities of which are extreme impact, rarity and a low degree of predictability.

Because Taleb situates the black swan within the realm of the unpredictable, it is more productive to adjust to the existence of these rare events than to continue efforts to predict them. A seminal characteristic of the black swan is that we behave as though it does not exist. This leads us to continue “operating under the false belief that [predictive] tools” (xviii) are capable of accurately predicting uncertainty. This dynamic in turn leads us to devise tools that provide measurements which ostensibly exclude the possibility of the black swan. Within Taleb’s paradigm, that which is unknown is much more relevant than that which is known.

Applying these notions to ERM, it is suggested here that a more productive approach—however counterintuitive—may involve pursuing the unknown. To proceed in this way, it is first necessary to radically reframe the manner in which risk problems are approached. This involves considering that lack of knowledge about modern risk may not

14

be merely a “knowledge gap” which can be filled by gathering more information, but

rather, that the nature of modern risk makes it impossible a priori to have perfect

knowledge of risk. Through acceptance of this epistemic limitation (a priori

unknowability and incalculability), it is possible to refocus efforts in other areas that may

prove more productive in terms of identifying ways to address risk from a practical perspective. ERM can—and should be—further developed to include tools and approaches for addressing types of risk (including black swans and emerging risk) that are unknowable or imperfectly knowable (a priori). In doing so, it would become possible to move incrementally forward to states of greater information and actionable knowledge.

Of course, this suggestion leads to the question of how organizations might go

about exploring unknown aspects of risk in a meaningful way. One possible approach is

through the application of scenario planning. As discussed in more detail below, scenario planning provides a means for identifying and describing a range of possible future outcomes. Once this range of possible future outcomes has been articulated, it then becomes possible to better understand sources of emerging risk and to develop contingency plans that might minimize the impact of an emerging risk.

This application of scenario planning is consistent with the premise that traditional decision-making strategies (including their applications in the risk management field) have been heavily reliant upon a core set of “rational assumptions”

(Allen 2000) which increasingly do not hold true in today’s complex and dynamic environment. It can no longer be assumed that businesses know all of their options and can therefore rationalize, through a linear process, to identify a single choice perfectly aligned with strategic goals and considers risks that might jeopardize those goals. As

15

Ormerod described, (2005, 13), “firms certainly act with purpose and intent, and have no

intention of failing, but the complexity of the environment in which they are operating

means that it is as if they were operating much closer to the zero intelligence particle

model of agent behavior than to that of the fully rational agent.” In subsequent writing

(2010), Ormerod further elaborated on this point, adding individuals have an “inevitably

imperfect” understanding of the world. By discarding the “assumption of full

information” and opening the door to the notion of bounded rationality, it becomes

possible to explore tools such as scenario planning that offer meaningful potential if

effectively incorporated within ERM.

Part Three. Summary and Conclusion

As discussed in this paper, ERM has evolved considerably in the two decades since its emergence. Nevertheless, there is no single, universally accepted definition for

ERM, and, at the practice level, implementation is adaptive. Moreover, although ERM standards and frameworks have practical use, organizations continue to struggle with the question of whether they are correctly implementing ERM. So, while ERM remains a useful management heuristic, it has not evolved to the level of a paradigm and is not capable in its current state of providing a “theory of everything.”

To enhance the robustness of the ERM framework, further study is suggested around the question of whether separate rules are needed to explain and handle localized risk (micro level) and transboundary risk (macro level). A related area for further research is how to adapt ERM so that it is able to provide a means for addressing especially problematic types of risk, such as black swan events. In seeking to address

16

these areas of study, a further challenge (which is itself an area for further research) is how to effectively bring together multidisciplinary groups capable of producing novel research related to ERM. Within this paper, systems theory and complexity theory have been identified as means for approaching the challenges of modern risk. However, there is scant research that applies these topics to ERM, and, as such, this gap in research is yet another area where further study is suggested.

17

References

Allen, Peter. “Harnessing Complexity.” Working paper, Complexity Society, 2000. Accessed February 12, 2010, from www.som.cranfield.ac.uk/som/dinamic- content/news/documents/complexity.doc.

Aon Corp. “Global Enterprise Risk Management Survey 2010.” http://www.AON.com/attachments/2010_Global_ERM_Survey.pdf.

Beasley, Mark S., and Mark L. Frigo. “ERM and its Role in Strategic Planning and Strategy Execution.” In Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives, edited by John Fraser and Betty J. Simkins, 31-50. Hoboken, NJ: John Wiley & Sons Inc., 2010.

Beasley, Mark, Don Pagach, and Richard Warr. “Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes.” Journal of Accounting, Auditing and Finance 23, no. 3 (July 2008): 311-32. doi:10.1177/0148558X0802300303.

Beck, Ulrich. Risk Society: Towards a New Modernity. New Delhi: Sage, 1992.

———. World at Risk. Polity Press: Cambridge, 2009.

Bell, Daniel. The Coming of a Post-Industrial Society: A Venture in Social Forecasting. New York: Basic Books, 1999.

Bonabeau, Eric. “Understanding and Managing Complexity Risk.” MIT Sloan Management Review 48, no. 4 (2007): 62-68.

Coomber, John R. “Natural and Large Catastrophes: Changing Risk Characteristics and Challenges for the Insurance Industry.” Geneva Papers on Risk and Insurance: Issues and Practice 31, no. 1 (2006): 88-95. doi:10.1057/palgrave.gpp.2510067.

Dickinson, Gerry. “Enterprise Risk Management: Its Origins and Conceptual Foundation.” The Geneva Papers on Risk and Insurance 26, no. 3 (July 2001): 360-66. doi:10.1111/1468-0440.00121.

Fraser, John R.S., and Simkins, Betty J. “Ten Common Misconceptions About Enterprise Risk Management.” Journal of Applied Corporate Finance 19, no. 4 (fall 2007): 75-81. doi:10.1111/j.1745-6622.2007.00161.x.

Friedman, Thomas L. The World is Flat: A Brief History of the Twenty-First Century. New York, NY: Farrar, Straus and Giroux, 2005.

Fulmer, Robert M. “Nine Management Development Challengers for the 1990s.” Journal of Management Development 11, no. 7 (1992): 4-10. doi:10.1108/02621719210020566.

18

Gates, Stephen. “Incorporating Strategic Risk into Enterprise Risk Management: A Survey of Current Corporate Practice.” Journal of Applied Corporate Finance 18, no. 4 (fall 2006): 81-90. doi:10.1111/j.1745-6622.2006.00114.x.

Giddens, Anthony. The Consequences of Modernity. Stanford, CA: Stanford University Press, 1990.

Gordon, Lawrence A., Martin P. Loeb, and Chih-Yang Tseng. (2009) “Enterprise Risk Management and Firm Performance: A Contingency Perspective.” Journal of Accounting and Public Policy 28, no. 4: 301-327.

Grobstein, Paul. “From Complexity to Emergence and Beyond: Towards Empirical Non- Foundationalism as a Guide for Inquiry.” Soundings 90, no. 1/2 (2007): 301-23.

———. “Education in the Evolving Systems Context.” Comment on Serendip “Evolving Systems: Home Page” (March 26, 2010 at 11:00 a.m.) http://serendip.brynmawr.edu/exchange/evolsys/home.

Greene, Brian. The Elegant Universe: Superstrings, Hidden Dimensions, and the Quest for the Ultimate Theory. New York: Vintage Books, 2003.

Hübenthal, Urusula. “Interdisciplinary Thought.” Issues in Integrative Studies 12 (1994): 55-75.

Iyer, Subramanian R., Daniel A. Rogers, and Betty J. Simkins. “Academic Research on Enterprise Risk Management.” In Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives, edited by John Fraser and Betty J. Simkins, 419-31. Hoboken, NJ: John Wiley & Sons Inc., 2010.

Klein, Julie T., and William Newell. “Advancing Interdisciplinary Studies.” In Handbook of the Undergraduate Curriculum: A Comprehensive Guide to Purposes, Structures, Practices, and Changes, edited by Jerry Gaff and James Ratcliff, 393-415. San Francisco: Jossey-Bass, 1997.

Lagadec, Patrick. (2007). “Over the Edge of the World.” Crisis Response Journal 3, no. 4: 46-47.

Lam, James. Enterprise Risk Management: From Incentives to Control. Hoboken: John Wiley & Sons Inc., 2003.

Liebenberg, Andre P., and Robert E. Hoyt. “The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers.” Risk Management and Insurance Review 6, no. 1 (February 2003): 37-52. doi:10.1111/1098- 1616.00019.

19

Marsh Inc. “Excellence in Risk Management VII: Elevating the Practice of Strategic Risk Management.” April 2010. http://www.marsh- africa.com/documents/MarshExcellenceinRiskManagementReport_April2010.pdf.

Michel-Kerjan, Erwann O. “Toward a New Risk Architecture: The Question of Catastrophe Risk Calculus.” Social Research: An International Quarterly 75, no. 3 (fall 2008): 819-54.

Miller, Kent D. “A Framework for Integrated Risk Management in International Business.” Journal of International Business Studies 23, no. 2 (1992): 311-31. doi:10.1057/palgrave.jibs.8490270.

Nocco, Brian W., and Rene M. Stulz. “Enterprise Risk Management: Theory and Practice.” Journal of Applied Corporate Finance 18, no. 4 (fall 2006): 8-20. doi:10.1111/j.1745-6622.2006.00106.x.

Ormerod, Paul. Why Most Things Fail: Evolution, Extinction and Economics. New York: Pantheon Books, 2005.

———. “The Current Crisis and the Culpability of Macroeconomic Theory.” 21st Century Society: Journal of the Academy of Social Sciences 5, no. 1 (February 2010): 5- 18. doi:10.1080/17450140903484031.

Power, Michael. “The Risk Management of Nothing.” Accounting, Organizations and Society 34, no. 6-7. (August–October 2009): 849-855.

Slovic, Paul and Elke Weber. “Perception of Risk Posed by Extreme Events.” In Risk Management Strategies in an Uncertain World. Palisades, New York: Columbia/Wharton Roundtable, 2002.

Smith, Denis, and Moira Fischbacher. “The Changing Nature of Risk and Risk Management: The Challenge of Borders, Uncertainty and Resilience.” Risk Management 11 (2009): 1-12. doi:10.1057/rm.2009.1.

Tacke, Veronica. “BSE as an Organizational Construction: A Case Study on the Globalization of Risk.” British Journal of Sociology 52, no. 2 (2001): 293-312.

Taleb, Nassim Nicholas. The Black Swan: The Impact of the Highly Improbable. New York, NY: Random House, 2007.

White, Diana. “Application of Systems Thinking to Risk Management.” Management Decision 33, no. 10 (1995): 35-45. doi:10.1108/EUM0000000003918.

20